VERSION: Disable GIT_SNAPSHOT for the 4.7.0rc4 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add release notes for Samba 4.7.0rc4.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

source3/client: Fix typo in help message displayed by default

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12936

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 90487259e365d5b966ccc47ac51eadb4733f3197)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Mon Aug 14 14:35:34 CEST 2017 on sn-devel-144

vfs_fruit: factor out common code from ad_get() and ad_fget()

As a result of the previous changes ad_get() and ad_fget() do completey
the same, so factor out the common code to a new helper function. No
change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Aug  9 22:33:36 CEST 2017 on sn-devel-144

(cherry picked from commit d55c27abc5a7357f740c7065bbe12e7f36b57125)

vfs_fruit: return fake pipe fd in fruit_open_meta_netatalk()

Do not open the basefile, that conflict with "kernel oplocks = yes". We
just return a fake file fd based on dup'ing a pipe fd and ensure all VFS
functions that go through vfs_fruit and work on the metadata stream can
deal with it.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 7583ee6e1c558067e4c7a7351085fcc0e4240366)

vfs_fruit: don't open basefile in ad_open() and simplify API

We never need an fd on the basefile when operating on the metadata, as
we can always use path based syscalls. Opening the basefile conflicts
with "kernel oplocks" so just don't do it.

Additional changes:

- remove the adouble_type_t argument to ad_open(), the type is passed
  and set when allocating a struct adouble with ad_alloc()

- additionally pass an optional fsp to ad_open() (so the caller can pass
  NULL). With this change we can move the fd inheritance from fsp to ad
  into ad_open() itself where it belongs and remove it from the caller
  ad_fget()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit e92a39255e66f655e2758f0a71a01eaf258cf711)

vfs_fruit: use path based setxattr call in ad_fset()

This allows later commits to remove opening of the basefile which
conflict with "kernel oplocks = yes".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit aff6fc49f4ac244aef162200a37bd846719e1e4f)

s4/torture: additional tests for kernel-oplocks

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit bbc225de83e7b0e5eaeb1b843532d1f0fca91a3c)

s4/torture: reproducer for kernel oplocks issue with streams

test_smb2_kernel_oplocks3() wouldn't have failed without the patches,
I'm just adding it to have at least one test that tests with 2
clients. All other tests use just one client.

test_smb2_kernel_oplocks4() is the reproducer.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit a334fff8a8c779704ee04ae784024efb67a6e9c9)

vfs_streams_xattr: return a fake fd in streams_xattr_open()

The final step in changing vfs_streams_xattr to not call open() on the
basefile anymore. Instead, we just return a fake file fd based on
dup'ing a pipe fd. Previous commits ensured all calls to VFS API
functions use pathname based versions to do their work.

This ensures we don't trigger kernel oplock breaks for client "open
stream" requests when needlessly opening the basefile.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 0a8559d4c9e4fc73c30a06b5f45f3b870afe4439)

vfs_streams_xattr: implement all missing handle based VFS functions

Implement all missing handle based VFS function. If the call is on a
named stream, implement the appropriate action for the VFS function, in
most cases a no-op.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 9647af6bec62c9f61d541aad4a9b8f25fd5bc627)

vfs_streams_xattr: always pass NULL as fsp arg to get_ea_value()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 0ed3075ee7edfecde7455a2c64e9df882828343b)

vfs_streams_xattr: remove fsp argument from get_xattr_size()

Still in the process of changing all handle based operations to use path
based operations.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 4cc59e6d011cd3804499ba82bb4071973aa9d494)

vfs_streams_xattr: remove all uses of fd, use name based functions

We don't really need an fd in this module, all calls to the VFS xattr
API can just use the name based versions.

This paves the way for removing the open of the basefile in
streams_xattr_open() in a later commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit ea906bb476516c05e7cbda478afd32acb443c03e)

vfs_streams_xattr: invalidate stat info if xattr was not found

We stat the basefile so we leave valid stat info from the base file
behind, even though the xattr for the stream was not there.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit ec32f33ea6d50d9cb504400c3ef1e78643502e1a)

s3: torture: Add a test for cli_setpathinfo_basic() to smbtorture3.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12913

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit bfa07323590357542eb06ad5faa2dc5a5736e3f1)

s3: libsmb: Implement cli_smb2_setatr() by calling cli_smb2_setpathinfo().

This removes duplicate code paths and ensures we have only one
function calling the underlying smb2cli_set_info() for setting
info levels by path.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12913

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b1e5b894b089433e59c96915a27559d179bdb6c5)

s3: libsmb: Add cli_smb2_setpathinfo(), to be called by cli_setpathinfo_basic().

Fix to prevent libsmbclient from accidently making SMB1 calls inside an SMB2
connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12913

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 2a15c70603bb23a68a2e3de0b00bfd98508f78e0)

s3: libsmbclient: Fix cli_setpathinfo_basic() to treat mode == -1 as no change.

This is only called from SMBC_setatr(), so bring it into line with
the specification for that function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12913

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 812006fa8f26004609901b0ddef1c3ed05eff35e)

vfs_gpfs: handle EACCES when fetching DOS attributes from xattr

When trying to fetch the DOS attributes via gpfswrap_get_winattrs_path()
if the filesystem doesn't grant READ_ATTR to the file the function fails
with EACCESS.

But according to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to an
Existing File" FILE_LIST_DIRECTORY on a directory implies
FILE_READ_ATTRIBUTES for directory entries.

So if the user can open the parent directory for reading this implies
FILE_LIST_DIRECTORY and we can safely call gpfswrap_get_winattrs_path()
with DAC_OVERRIDE_CAPABILITY.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug  9 01:21:14 CEST 2017 on sn-devel-144

(cherry picked from commit 62d73f5b936550d623ef4f31c7438ac3c90105b9)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Fri Aug 11 14:48:10 CEST 2017 on sn-devel-144

s3/smbd: handle EACCES when fetching DOS attributes from xattr

When trying to fetch the DOS attributes xattr via SMB_VFS_GETXATTR() if
the filesystem doesn't grant read access to the file the xattr read
request fails with EACCESS.

But according to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to an
Existing File" FILE_LIST_DIRECTORY on a directory implies
FILE_READ_ATTRIBUTES for directory entries.

So if the user can open the parent directory for reading this implies
FILE_LIST_DIRECTORY and we can safely call SMB_VFS_GETXATTR() as root,
ensuring we can read the DOS attributes xattr.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit c54fcb7cbd0de244eed4134e877da6e9c16e7aab)

s3/smbd: handling of failed DOS attributes reading

Only fall back to using UNIX modes if we get NOT_IMPLEMENTED. This is
exactly what we already do when setting DOS attributes.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit 9de1411d9e7c7ac3da544345d4dea7fd73dff01b)

python: Fix incorrect kdc.conf parameter name in kerberos.py

Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12947
Typo in kdc.conf results in: Unable to load requested database module
'samba'.

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Thu Aug 10 12:58:59 CEST 2017 on sn-devel-144

WHATSNEW: Update doc for Samba AD with MIT Kerberos

This has been changed, the file is created in the private samba
directory. The path is printed by 'samba-tool' after it has been
created.

Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Tue Aug  8 12:49:24 CEST 2017 on sn-devel-144

dsdb: Do not force a re-index of sam.ldb on upgrade to 4.7

This means that no compatibleFeatures or incompatibleFeatures will be honoured
until a re-index, but that can be triggered when these features are set.

New databases will still get this support.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12855
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit 39c6274084e5d72d6fdfae1fb9fede439f6ad60d)

dsdb: Fix dsdb_next_callback to correctly use ldb_module_done() etc

If we do not call ldb_module_done() then we do not know that up_req->callback()
has been called, and ldb_next_request() will call the callback again.

If called twice, the new ldb_lock_backend_callback() in ldb 1.2.0 will segfault.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12904

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug  1 07:52:38 CEST 2017 on sn-devel-144

(cherry picked from commit d5750f016362ce55a1c905509c419756b523dde6)

s4-cldap/netlogon: Match Windows 2012R2 and return NETLOGON_NT_VERSION_5 when version unspecified

The previous patch set this incorrectly to NETLOGON_NT_VERSION_1

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 0554bc237f1b84d672d36781bead8b2c33f2e5a4)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Tue Aug  1 15:56:56 CEST 2017 on sn-devel-144

s4-dsdb/netlogon: allow missing ntver in cldap ping

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392

Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 88db634ed84647e5105c4b4fdf37d5892bebfd8d)

s4:torture/ldap: Test netlogon without NtVer

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392

Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 22a94b728bd5d513b2002b62c129271d2210ed73)

s3/utils: smbcacls failed to detect DIRECTORIES using SMB2 (windows only)

uint16_t get_fileinfo(...) returns file attributes, this function
called

     cli_qfileinfo_basic(cli, fnum, &mode, NULL, NULL, NULL,
                     NULL, NULL, NULL);

which was failing with NT_STATUS_ACCESS_DENIED errors when fnum above
was obtained via (when using protocol > SMB). Note: This only seems to be
an issue when run against a windows server, with smbd SMB1 & SMB2 work fine.

    status = cli_ntcreate(cli, filename, 0, CREATE_ACCESS_READ,
                  0, FILE_SHARE_READ|FILE_SHARE_WRITE,
                  FILE_OPEN, 0x0, 0x0, &fnum, NULL);

The failing cli_qfileinfo_basic call above is unnecessary as we can already
obtain the required information from the cli_ntcreate call

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12937

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit c57dcafb150823b00fd873046e65a966a8488fa8)

mit-kdb: Fix NULL pointer check after malloc

This fixes building with GCC 7.1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 9b64b11c2f2c1bc77ae887b34d7efcb9f1452da7)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Mon Jul 31 15:49:51 CEST 2017 on sn-devel-144

s4:kcc: Add a NULL check before qsort()

This fixes building with GCC 7.1.1

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 314cf608932c21d593afd04769b07435bcd4fc53)

selftest: Make --include-env and --exclude-env use the base env name

The code as deployed would have required (eg) '--include-env=ktest
--include-env=ktest:local' which was not done in autobuild, causing
tests to be skipped.  This patch restores the intended behaviour.

This causes 33 testsuites to run, one more test (the newly added
samba.tests.ntlmauth) than the old regex provided (before
602772159dfd1213385f42ecbf31136f57693b63).

(The regression dropped us down to matching only 7 tests).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12922

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jul 24 03:33:01 CEST 2017 on sn-devel-144

(cherry picked from commit 61455ad82e293df4a094204fdf28162baad686ae)

selftest: Use NETLOGON_NEG_STRONG_KEYS constant in AuthLogTestsNetLogonBadCreds

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 25 03:21:19 CEST 2017 on sn-devel-144

(cherry picked from commit a420b1bdccbba72faf1108f7fae8b8202075db97)

s4-netlogon: Use log_escape to protect against un-validated strings

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 427a11b812d1872879658c998ef0328dd7c2a53a)

s4-netlogon: Extend ServerAuthenticate3 logging to split up username forms

This splits out the username into the input, mapped and obtained
just as we do elsewhere.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit abd821b76b27eb8d9bc2f8acfcf9d98caf015f5f)

source4 netlogon: Add authentication logging for ServerAuthenticate3

Log NETLOGON authentication activity by instrumenting the
netr_ServerAuthenticate3 processing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit efc335a03062740f51a6edd09d765a8b77e239c5)

tests auth_log: Add new tests for NETLOGON

Tests for the logging of NETLOGON authentications in the
netr_ServerAuthenticate3 message processing

Test code based on the existing auth_log tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit f3d3e6da5a42833b8de86e9b7c0aa1c56e1c4e80)

tests auth_log: Modify existing tests to handle NETLOGON messages

Modify the existing tests to ignore auth logging for NETLOGON messages.
NETLOGON authentication is logged once per session, and is tested
separately.  Ignoring it in these tests avoids order dependencies.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 5c27c5b6efb4226aa8bdaf4e5cbb770f8b3ef22f)

auth_log: use symbolic constant to replace /root/ncalrpc_as_system

Modified to use constant AS_SYSTEM_MAGIC_PATH_TOKEN instead of
string literal "/root/ncalrpc_as_system"

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit ddfe8aa9cccd78426456b6397bc7b352d9705648)

rpc: use symbolic constant to replace /root/ncalrpc_as_system

Modified to use constant AS_SYSTEM_MAGIC_PATH_TOKEN instead of string literal
"/root/ncalrpc_as_system"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 1898096c7ecef4c323b14b7cf30db4283386f913)

dcerpc.idl Add symbolic constant for /root/ncalrpc_as_system

This is string is used several places in the code and tests, so it
should be a constant.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 6ab9f789ff6e6328cf222fdb1a39457af7ed58b4)

samdb/cracknames: support user and service principal as desired format

This adds support for DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL and
DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL as desired formats.

This also causes the test in cracknames.py to no longer fail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12842

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul 24 11:10:26 CEST 2017 on sn-devel-144

(cherry picked from commit eb2e77970e41c1cb62c041877565e939c78ff52d)

samdb/cracknames: do not show recycled when a guid is desired

Previously, when a GUID was desired to
cracknames, it would include recycled objects as well. This would
sometimes result in two objects being returned from a query which is
supposed to return a unique GUID. For example, if a deleted user had
the same sAMAccountName as a non-deleted user and cracknames was used to
find the GUID of this account, it would return two GUIDs, and so would
fail with DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12842

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit c186e02b40c921d33e23c8b2f7c5f1abb235a438)

python/tests: add python test for cracknames

This fails due the bug, which causes the related test in
drsuapi_cracknames.c to flap. It also fails due to us not yet supporting
DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL or
DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12842

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit 4779afe0d2dd14371b68e80f47d11942456bb365)

s4-rpc_server: Improve debug of new endpoints

This helps us know what process model is required and what one is in use.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12939

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 28 04:12:08 CEST 2017 on sn-devel-144

(cherry picked from commit 1ea6b5168f146d23d139b570084cb32ec02538fe)

s4-rpc_server: ensure we get a new endpoint for netlogon

If we share the single process RPC servers with the multi-process RPC servers
on the same endpoint, they will default to running in an single process

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12939

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit bc48c4b54b9c50d76fc967a1aa4fa013079605bc)

WHATSNEW: Fix typo.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

vfs_ceph: fix cephwrap_chdir()

When provided a '/' path (i.e. CephFS root), vfs_ceph does a *local*
chdir() to the share path. This breaks smb client directory listings.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12911

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Jul 21 19:10:46 CEST 2017 on sn-devel-144

(cherry picked from commit 1dcacff083019810e207a3d123a81fe32d9dde1a)

VERSION: Bump version up to 4.7.0rc4...

and re-enable GIT_SNAPSHOTS.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

VERSION: Disable GIT_SNAPSHOTS for the 4.7.0rc3 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add release notes for Samba 4.7.0rc3.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

s3: drop build_env

As a follow up to eedebe2ef1b ("docs-xml: Sort input file list"), this
change enables reproducible builds, without the added complexity of
https://lists.samba.org/archive/samba-technical/2017-June/121302.html

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12906

Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Jul 14 18:48:08 CEST 2017 on sn-devel-144

(cherry picked from commit 85b10a636e0eeeca0948c6b1d59d2df7b4507d45)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Tue Jul 25 02:20:38 CEST 2017 on sn-devel-144

s3: smbd: Fix a read after free if a chained SMB1 call goes async.

Reported to the Samba Team by Yihan Lian <lianyihan@360.cn>, a security
researcher of Qihoo 360 GearTeam. Thanks a lot!

smb1_parse_chain() incorrectly used talloc_tos() for the memory
context of the chained smb1 requests. This gets freed between
requests so if a chained request goes async, the saved request
array also is freed, which causes a crash on resume.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12836

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 5fe76a5474823ed7602938a07c9c43226a7882a3)

s3: libsmb: Fix use-after-free when accessing pointer *p.

talloc_asprintf_append() might call realloc()
and therefore move the memory address of "path".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12927

Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jul 22 22:45:05 CEST 2017 on sn-devel-144

(cherry picked from commit 890137cffedcaf88a9ff808c01335ee14fcfd8da)

smbd: Fix a connection run-down race condition

When we do a server exit with active aio jobs, we need to keep the
aio state active for the helper thread. Right now I don't see another
chance than to leak memory in this case. And, I don't really oversee
how cancelling requests works in this case, but this does fix crashes
seen at a customer site.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12925

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0181fcc4aaa730e3a88ff5d397145332f4013950)

s3/notifyd: ensure notifyd doesn't return from smbd_notifyd_init

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12910

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 7f4e7cfd1b0bd917395c631a1a8195fffd13bbad)

Build py3 versions of other rpc modules

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12905

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Fri Jul 14 11:36:53 CEST 2017 on sn-devel-144

(cherry picked from commit 0ed918ef5276c459d46c9e77c9e9d84bc41d4b14)

py3: Make sure to specify METH_VARARGS together with METH_KEYWORDS

A Python 3 bug https://bugs.python.org/issue15657 explains that one should
always use METH_VARARGS|METH_KEYWORDS when defining a function rather
than a lonely METH_KEYWORDS. We had only one definition like this in
Samba and it was the one that affects FreeIPA when running in Python 3
mode.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12905

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 303a52d8d48e4f5754448a876fedc98d7829e2bb)

s3: smbclient: Add a test for the setmode command.

Tested over SMB1 and SMB2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12899

Back ported from 5facd045efe88783ba078c14793d05439bcc5a4b in master.

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: libsmb: Reverse sense of 'clear all attributes', ignore attribute change in SMB2 to match SMB1.

SMB1 uses attr == 0 to clear all attributes
on a file (end up with FILE_ATTRIBUTE_NORMAL),
and attr == FILE_ATTRIBUTE_NORMAL to mean ignore
request attribute change.

SMB2 uses exactly the reverse. Unfortunately as the
cli_setatr() ABI is exposed inside libsmbclient,
we must make the SMB2 cli_smb2_setatr() call
export the same ABI as the SMB1 cli_setatr()
which calls it. This means reversing the sense
of the requested attr argument if it's zero
or FILE_ATTRIBUTE_NORMAL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12899

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit f1cc79a46d56bda99c392d491d88479cd6427a32)

ctdb-common: Set close-on-exec when creating PID file

Otherwise, for example, the file descriptor for the main PID file will
leak all the way down to event scripts.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12898

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 3e85cbfd7541d8f30ce1f3244ebcc44332b394fe)

vfs_fruit: don't use MS NFS ACEs with Windows clients

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12897

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Jul 13 22:21:08 CEST 2017 on sn-devel-144

(cherry picked from commit df0db9d8f893f9245c6289200303b94a6e2d48d0)

dbwrap_ctdb: Fix calculation of persistent flag

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12891

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit f7daa453045c787ddab6e04c1fdaa386c231371f)

dbwrap: Ask CTDB for local tdb open flags

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12891

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jul 12 13:25:11 CEST 2017 on sn-devel-144

(cherry picked from commit de9d21957706bd5d811db01b7b5d88a0bb17034b)

ctdbd_conn: pass persistent bool instead of tdb_flags

ctdbd_db_attach() only needs to know the ctdb database model, not the
rest of the flags.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12891

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit b2b7e3b9710fa22716f931177265dcd8de74532b)

ctdbd_conn: move CTDB_CONTROL_ENABLE_SEQNUM control to db_open_ctdb

No change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12891

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 0077296cee1cd54a5adb12fc706cbf99203a8213)

dbwrap: CTDB ignores tdb_flags passed to db attach controls

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12891

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 6ae063a109ca88bf815fd1bf5e8865053bea41b9)

dbwrap: enable mutexes by default for volatile TDBs

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12891

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit a70be43246ab74f0a2bbe245ab31f24460b70547)

ctdb: enable mutexes for volatile TDBs by default

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12891

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 2bce9cb72f3ac7efc2f4f48b0cffa1876364ae8c)

s3/vfs: rename SMB_VFS_STRICT_LOCK to SMB_VFS_STRICT_LOCK_CHECK

As per MS-SMB2 and MS-FSA and our SMB_VFS_STRICT_LOCK implementation,
we're merely testing for locks, not setting any.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12887

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 11 03:37:44 CEST 2017 on sn-devel-144

(cherry picked from commit 67466271c26ca10c6bce6a51f9dd97a22258f8a4)

s3/vfs: remove SMB_VFS_STRICT_UNLOCK

It's just a noop, so let's remove it. SMB_VFS_STRICT_LOCK doesn't set
logs, it just checks for the presence of incompatible locks.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12887

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c9172c5a4505eb18cb4645e2436eabcc93ec67e1)

s3:client: The smbspool krb5 wrapper needs negotiate for authentication

If you create a new printer it doesn't have AuthInfoRequired set and so
cups calls the backend with:

  AUTH_INFO_REQUIRED=none

In this case we need to return:

  ATTR: auth-info-required=negotiate

and return an error that we require authentication.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12886

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 4cced4da4ca97f0c6db227e6b2c7e03c2e5c1f28)

vfs_fruit: add fruit:model = <modelname> parametric option

fruit:model = iMac
fruit:model = MacBook
fruit:model = MacPro
fruit:model = Xserve

will all display a different icon inside Finder.

Formerly, we used "Samba" which resulted in a "?" icon in Finder, with
the new default "MacSamba" we appear with a computer box icon at least.

Guenther

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12840

Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Jul 12 03:17:57 CEST 2017 on sn-devel-144

(cherry picked from commit 259e1706e3206b215e136ea9d5beef4c9e3fcdee)

idmap_ad: Retry query_user exactly once if we get TLDAP_SERVER_DOWN

All other ldap-querying methods in idmap_ad make a single retry attempt if they get
TLDAP_SERVER_DOWN. This patch brings idmap_ad_query_user in line with that design.

This fixes the symptom described in 12720 at the cost of an additional reconnect per
failed lookup.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12720

Signed-off-by: Dustin L. Howett <dustin@howett.net>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit fe7020b0d1b6fe1ca9add4815e20c2e2262cb6c9)

tevent: version 0.9.33

* make tevent_req_print() more robust against crashes

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 7ad3a99d462e4a43c9f64b0877111d5e58f56e6e)

Autobuild-User(v4-7-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-7-test): Sun Jul 23 14:41:25 CEST 2017 on sn-devel-144

tevent: handle passing req = NULL to tevent_req_print()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit ca3e98488a45aa143e4ba454b4ba8763f09a6f50)

tevent: avoid calling talloc_get_name(NULL) in tevent_req_default_print()

We have the same information available under req->internal.private_type.

This way it's possible to call tevent_req_print() after
tevent_req_received() was called.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 21b56ffd983cc0b982bea55866bfa84c79133503)

ldb: version 1.2.1

* Bug #12882: Do not install _ldb_text.py if we have system libldb
* Use libraries from build dir for testsuite
* Bug #12900: Fix index out of bound in ldb_msg_find_common_values

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Jul 22 03:46:25 CEST 2017 on sn-devel-144

(cherry picked from commit 19dfccea744a843511d9c4ca2b5adbd648284250)

ldb/tests: more thoroughly test empty ldb_msg elements

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul  7 20:10:37 CEST 2017 on sn-devel-144

(cherry picked from commit 4b3de6118569eb9a1d4f233eca112d0d207c1087)

ldb: avoid searching empty lists in ldb_msg_find_common_values

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 282410fa2416404962521ad6b2598a9c83b63594)

ldb: Fix index out of bound in ldb_msg_find_common_values

cmocka unit test failed on i386
[==========] Running 2 test(s).
[ RUN      ] test_ldb_msg_find_duplicate_val
[       OK ] test_ldb_msg_find_duplicate_val
[ RUN      ] test_ldb_msg_find_common_values
[  FAILED  ] test_ldb_msg_find_common_values
[==========] 2 test(s) run.
[  ERROR   ] --- 0x14 != 0
[   LINE   ] --- ../tests/ldb_msg.c:266: error: Failure!
[  PASSED  ] 1 test(s).
[  FAILED  ] 1 test(s), listed below:
[  FAILED  ] test_ldb_msg_find_common_values
 1 FAILED TEST(S)

But we were just lucky on other platforms because there is
index out of bound according to valgrind error.

==3298== Invalid read of size 4
==3298==    at 0x486FCF6: ldb_val_cmp (ldb_msg.c:95)
==3298==    by 0x486FCF6: ldb_msg_find_common_values (ldb_msg.c:266)
==3298==    by 0x109A3D: test_ldb_msg_find_common_values (ldb_msg.c:265)
==3298==    by 0x48E7490: ??? (in /usr/lib/libcmocka.so.0.4.1)
==3298==    by 0x48E7EB0: _cmocka_run_group_tests (in /usr/lib/libcmocka.so.0.4.1)
==3298==    by 0x1089B7: main (ldb_msg.c:352)
==3298==  Address 0x4b07734 is 4 bytes after a block of size 48 alloc'd
==3298==    at 0x483223E: malloc (vg_replace_malloc.c:299)
==3298==    by 0x4907AA7: _talloc_array (in /usr/lib/libtalloc.so.2.1.9)
==3298==    by 0x486FBF8: ldb_msg_find_common_values (ldb_msg.c:245)
==3298==    by 0x109A3D: test_ldb_msg_find_common_values (ldb_msg.c:265)
==3298==    by 0x48E7490: ??? (in /usr/lib/libcmocka.so.0.4.1)
==3298==    by 0x48E7EB0: _cmocka_run_group_tests (in /usr/lib/libcmocka.so.0.4.1)
==3298==    by 0x1089B7: main (ldb_msg.c:352)

Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 963d9f12f902ae266a8c7edbf4249090de46173b)

ldb: Use libraries from build dir for testsuite

There was a failure when tests were executed after after extracting
ldb tarball.

  sh$ make -j8 check
  WAF_MAKE=1 PATH=buildtools/bin:../../buildtools/bin:$PATH waf test
  ldbadd: error while loading shared libraries: libldb.so.1: cannot open shared object file: No such file or directory
  cat: write error: Broken pipe
  Traceback (most recent call last):
    File "tests/python/api.py", line 10, in <module>
      import ldb
  ImportError: libldb.so.1: cannot open shared object file: No such file or directory
  Traceback (most recent call last):
    File "tests/python/api.py", line 10, in <module>
      import ldb
  ImportError: libpyldb-util.so.1: cannot open shared object file: No such file or directory
  bin/ldb_tdb_mod_op_test: error while loading shared libraries: libldb.so.1: cannot open shared object file: No such file or directory
  testsuite returned 1

Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit d5d6d209dedd60f8e99d11789f2a0d4e2bf95896)

WHATSNEW: add a note about the new 'smbclient deltree' command.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12914

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(v4-7-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-7-test): Fri Jul 21 00:36:16 CEST 2017 on sn-devel-144

s3:tests: Fix directory creation and deletion of test_nosymlinks()

This should fix flakey autobuild.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12914

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 19 11:59:52 CEST 2017 on sn-devel-144

(cherry picked from commit bd7eab1639bb5eb70ff04b8f4b89373ca47daf08)

s3:tests: Fix directory creation and deletion of test_local_symlinks()

This should fix flakey autobuild.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12914

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit b594e0cdd2b68d262377cfe438253244b89d089c)

s3: tests: Add test for new smbclient "deltree" command.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12914

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul  7 13:38:24 CEST 2017 on sn-devel-144

(cherry picked from commit b21ee14e2265a6dd11dd83c8e252a40de394585a)

docs: Document new smbclient deltree command.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12914

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit f2f9f51fef8e264fdad11018e3c447db0ad03cc1)

s3: smbclient: Add new command deltree.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12914

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit b6f484ae9ca737a0772b279b88fc285fe1cec0e9)

s3: client: Move struct file_list code to using talloc from malloc.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12914

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit e9d33bf89f7c3932522e7696182bfc590d049095)

WHATSNEW: move the CTDB changes section before the Parameter changes

Signed-off-by: Stefan Metzmacher <metze@samba.org>

unittests: Add missing stdint.h include

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12878

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 5d18c5e5ec52a185991f9de6883171f85f7d4fa7)

Autobuild-User(v4-7-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-7-test): Thu Jul 13 12:08:53 CEST 2017 on sn-devel-144

WHATSNEW: CTDB changes for 4.7

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Add code to run the tests for 'samba-tool user edit'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12884

Signed-off-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Jul  5 17:53:24 CEST 2017 on sn-devel-144

(cherry picked from commit e3707c1b19a27d431722e1b355dc39a39f7f8f1c)

Add test for 'samba-tool user edit'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12884

Signed-off-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 3c03ac750f4dea00da21f21302beeaf5b12a35b8)

Easily edit a users object in AD, as if using ldbedit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12884

Signed-off-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 2ab239be0d69389b451816ec72d548d1156e495b)

waf: Only build unit tests with selftest enabled

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12877

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 25ef27b2e6d80f0afa271e73a195caa2105be648)

s3:smbd: consistently use talloc_tos() memory for rpc_pipe_open_interface()

The result is only used temporary and should not be leaked on a long term
memory context as 'conn'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12890

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 77cbced5d2f8bf65c8d02f5edfaba8cbad519d08)

selftest: add a test for accessing previous version of directories with snapdirseverywhere

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12885

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Jul  8 00:33:51 CEST 2017 on sn-devel-144

(cherry picked from commit cc9ba98c08665e0ed6927fd81fa43a7bb7842e45)

s3/smbd: let non_widelink_open() chdir() to directories directly

If the caller passes O_DIRECTORY we just try to chdir() to smb_fname
directly, not to the parent directory.

The security check in check_reduced_name() will continue to work, but
this fixes the case of an open() for a previous version of a
subdirectory that contains snapshopt.

Eg:

[share]
    path = /shares/test
    vfs objects = shadow_copy2
    shadow:snapdir = .snapshots
    shadow:snapdirseverywhere = yes

Directory tree with fake snapshots:

$ tree -a /shares/test/
/shares/test/
├── dir
│   ├── file
│   └── .snapshots
│       └── @GMT-2017.07.04-04.30.12
│           └── file
├── dir2
│   └── file
├── file
├── .snapshots
│   └── @GMT-2001.01.01-00.00.00
│       ├── dir2
│       │   └── file
│       └── file
└── testfsctl.dat

./bin/smbclient -U slow%x //localhost/share -c 'ls @GMT-2017.07.04-04.30.12/dir/*'
NT_STATUS_OBJECT_NAME_NOT_FOUND listing \@GMT-2017.07.04-04.30.12\dir\*

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12885

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit b886a9443d49f6e27fa3863d87c9e24d12e62874)